in reply to Re: open file using variable passed by form
in thread open file using variable passed by form

Thank you so much for taking time to help. It seems that -T was killing my script and used to code from haukex. Used (and learned from) some of your code too. I have a working script (at this point in time). You may see it again for another reason. :)

For some reason I could not open a file (for writing) in /tmp, but was able to in a new sub-directory of cgi-bin...go figure.

Again, thanks!!!

  • Comment on Re^2: open file using variable passed by form

Replies are listed 'Best First'.
Re^3: open file using variable passed by form
by haukex (Archbishop) on Mar 19, 2018 at 08:27 UTC
    For some reason I could not open a file (for writing) in /tmp, but was able to in a new sub-directory of cgi-bin...go figure.

    That's strange, and could be an indication that your script is running with privileges that are higher than e.g. the nobody user that webservers commonly use to run scripts. That'd be another reason to be incredibly careful with using form input for filenames and potentially other things. Attackers would happily exploit a security hole that allows them to create files to, for example, set up phishing sites under your domain.

    Taint mode is a good idea in this case because it forces you to think about certain cases. But it's of course also not a silver bullet - thinking about what you are doing with user input is always a good idea :-)

[reply]
[d/l]

In Section Seekers of Perl Wisdom